Similar to other Exasol connectors, PyEXASOL is capable of using TLS cryptographic protocol.
Exasol published a few articles describing the details:
- Using TLS with our analytics database (part 1): understanding the basics;
- Using TLS with our analytics database (part 2): secure communication with Exasol
- TLS for all Exasol drivers
Encryption is ENABLED by default starting from PyEXASOL version 0.24.0.
Encryption was DISABLED by default in previous versions.
- Exasol running "on-premises" uses self-signed SSL certificate by default. You may generate a proper SSL certificate and upload it using instruction.
- Exasol Docker uses self-signed SSL certificate by default. You may generate a proper SSL certificate and use it via editing of EXAConf file. More details are available on the GitHub page.
- Exasol SAAS running in the cloud uses proper certificate generated by public certificate authority. It does not require any extra setup.
Certificate verification is disabled by default for connections with username and password. Certificate verification is enabled by default for connections with username and OpenID token.
Similar to JDBC / ODBC drivers, PyEXASOL supports fingerprint certificate verification. Please check the examples below.
- How to connect with TLS encryption:
pyexasol.connect(dsn='myexasol:8563'
, user='user'
, password='password')- How to connect with TLS encryption and fingerprint verification:
pyexasol.connect(dsn='myexasol/135a1d2dce102de866f58267521f4232153545a075dc85f8f7596f57e588a181:8563'
, user='user'
, password='password'
)- How to connect with TLS encryption and full certificate verification "on-premises" using internal root CA (certificate authority):
pyexasol.connect(dsn='myexasol:8563'
, user='user'
, password='password'
, websocket_sslopt={
"cert_reqs": ssl.CERT_REQUIRED,
"ca_certs": '/path/to/rootCA.crt',
})- How to connect to Exasol SAAS (TLS encryption is REQUIRED for SAAS):
pyexasol.connect(dsn='abc.cloud.exasol.com:8563'
, user='user'
, refresh_token='token'
, encryption=True
)